Smart cards are small integrated circuits (ICs) embedded onto plastic or tokens and are used for authentication, identification and personal data storage. Smart cards are used by the military, in automatic teller machines, in mobile phone subscriber identity module cards, by schools for tracking class attendance and for storing certificates for use in secure web browsing. They are also used internationally as alternatives to credit and debits cards by many of the major credit card companies. Smart cards are application specific, in order to minimize their size and software overhead. In addition, smart cards use tamper-resistant, secure file cryptosystems, making them more difficult to forge than tokens, money, and government-issued identification cards. They can be programmed to deter theft by preventing immediate reuse, making them more effective than cards with magnetic strips. Due to their emphasis on security at both the software and hardware levels, smart card technology is emerging as the platform of choice in key vertical markets. Smart-card technology is moving toward multiple applications, higher interoperability, and multiple interfaces, such as TCP/IP, near field communicators and contactless chips.
Due to their recent proliferation, smart cards are targets of attacks motivated by identity theft, fraud, and fare evasion. Despite their secure software design, smart cards may still be susceptible to side-channel attacks, which are based on correlations of leaked secondary information in combination with the integrated circuit (IC) output signals. In smart cards, sources of leaked secondary information include electromagnetic emanations (EM leakage), measurements of the amount of time required to perform private-key operations and analysis of noisy power consumption.
One of the most effective attacks on smart cards is a differential power analysis (DPA) attack. In a DPA attack, the attacker analyzes the power consumption in the IC and compares it to the IC's output signals. The leaked side-channel information analyzed in a DPA attack is due to the presence of entropy gain in the system. DPA attacks are effective, since most modern computing technology is CMOS-based, and the power consumption tendencies of these devices are well studied. As such, reducing the power consumption of the CMOS circuit makes a DPA attack more difficult.
Accordingly, what is needed in the art is a cost-effective, improved system and method for reducing the effectiveness of DPA attacks on secure integrated chips, such as smart cards.